[](https://travis-ci.org/1egoman/debundler)
This is a tool to decode javascript bundles produced by tools like Webpack and Browserify into their original, pre-bunded source.
Reasons vary, but I originally developed this to help me with a reverse engineering project I was working on. Needless to say, sifting through minified bundles to try and figure out how a service works isn't fun and is a lot easier when that bundle is broken into files and those files have semantic names.
npm i -g debundle
$ debundle
Usage: debundle [input file] {OPTIONS}
Options:
--input, -i Bundle to debundle
--output, -o Directory to debundle code into.
--config, -c Configuration file
$ cat debundle-config.json
{
"type": "webpack",
"entryPoint": 1,
"knownPaths": {}
}
$ debundle -i my-bundle.js -o dist/ -c debundle-config.json
$ tree dist/
dist/
├── index.js
└── node_modules
├── number
│ └── index.js
└── uuid
├── index.js
├── lib
│ ├── bytesToUuid.js
│ └── rng.js
├── v1.js
└── v4.js
4 directories, 7 files
{
"type": "webpack",
"entryPoint": 1,
"knownPaths": {}
}
(To debundle a simple Browserify bundle, replace webpack the above configuration with browserify)
type (required)A webpack or browserify bundle.
entryPoint (required for webpack bundles)The entry point module id. If left empty in a Browserify bundle it can often be calculated procedurally.
knownPaths (required)An object mapping module ids to the location on disk to put a given module. For example, {"1": "./foo", "2": "mypackage/index", "3": "./bar/baz"} would make this structure:
├── foo.js
├── bar
│ └── baz.js
└── node_modules
└── mypackage
└── index.js
./, it's relative to the output directory.node_modules and the rest of the path indicating where inside that
module to put the file.moduleAstInstructions to get a reference to the module ast. Only required in weird bundles where the location of the modules AST can't be found (because it's in a different location in the bundle, for example). This is indicated as an array of strings / numbers used to traverse through the AST data structure.
For example, ["foo", "bar", 0, "baz", 1] would get ast.foo.bar[0].baz[1].
FAQs
The npm package debundle receives a total of 61 weekly downloads. As such, debundle popularity was classified as not popular.
We found that debundle demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.